Darren Tucker
2018-Jun-08 01:52 UTC
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote:> fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return);What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD auth-pam.c #ifdef USE_POSIX_THREADS # error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK" * Formerly known as USE_POSIX_THREADS, using this is completely unsupported #ifdef UNSUPPORTED_POSIX_THREADS_HACK -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
PGNet Dev
2018-Jun-08 02:13 UTC
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 6/7/18 6:52 PM, Darren Tucker wrote:> What included pthread.h? That's explicitly not supported by sshd:I'll poke around
PGNet Dev
2018-Jun-08 03:27 UTC
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 6/7/18 7:13 PM, PGNet Dev wrote:> On 6/7/18 6:52 PM, Darren Tucker wrote: >> What included pthread.h?? That's explicitly not supported by sshd: > > I'll poke aroundcd /usr/local/src/openssh/openssh-7.7p1/ source ~/.bashrc unset LDFLAGS unset CFLAGS CXXFLAGS CPPFLAGS make distclean export LD=gcc autoreconf -fiv ./configure \ --prefix="/usr/local/sshtest" \ --without-openssl \ --with-pam make V=1 ... (cd openbsd-compat && make) make[1]: Entering directory '/usr/local/src/openssh/openssh-7.7p1/openbsd-compat' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/usr/local/src/openssh/openssh-7.7p1/openbsd-compat' ar rv libssh.a ssh_api.o ssherr.o sshbuf.o sshkey.o sshbuf-getput-basic.o sshbuf-misc.o sshbuf-getput-crypto.o krl.o bitmap.o ssh-xmss.o sshkey-xmss.o xmss_commons.o xmss_fast.o xmss_hash.o xmss_hash_address.o xmss_wots.o authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o cipher-ctr.o cleanup.o compat.o crc32.o fatal.o hostfile.o log.o match.o moduli.o nchan.o packet.o opacket.o readpass.o ttymodes.o xmalloc.o addrmatch.o atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o ssh-pkcs11.o smult_curve25519_ref.o poly1305.o chacha.o cipher-chachapoly.o ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o platform-pledge.o platform-tracing.o platform-misc.o ar: creating libssh.a a - ssh_api.o a - ssherr.o a - sshbuf.o a - sshkey.o a - sshbuf-getput-basic.o a - sshbuf-misc.o a - sshbuf-getput-crypto.o a - krl.o a - bitmap.o a - ssh-xmss.o a - sshkey-xmss.o a - xmss_commons.o a - xmss_fast.o a - xmss_hash.o a - xmss_hash_address.o a - xmss_wots.o a - authfd.o a - authfile.o a - bufaux.o a - bufbn.o a - bufec.o a - buffer.o a - canohost.o a - channels.o a - cipher.o a - cipher-aes.o a - cipher-aesctr.o a - cipher-ctr.o a - cleanup.o a - compat.o a - crc32.o a - fatal.o a - hostfile.o a - log.o a - match.o a - moduli.o a - nchan.o a - packet.o a - opacket.o a - readpass.o a - ttymodes.o a - xmalloc.o a - addrmatch.o a - atomicio.o a - key.o a - dispatch.o a - mac.o a - uidswap.o a - uuencode.o a - misc.o a - utf8.o a - monitor_fdpass.o a - rijndael.o a - ssh-dss.o a - ssh-ecdsa.o a - ssh-rsa.o a - dh.o a - msg.o a - progressmeter.o a - dns.o a - entropy.o a - gss-genr.o a - umac.o a - umac128.o a - ssh-pkcs11.o a - smult_curve25519_ref.o a - poly1305.o a - chacha.o a - cipher-chachapoly.o a - ssh-ed25519.o a - digest-openssl.o a - digest-libc.o a - hmac.o a - sc25519.o a - ge25519.o a - fe25519.o a - ed25519.o a - verify.o a - hash.o a - kex.o a - kexdh.o a - kexgex.o a - kexecdh.o a - kexc25519.o a - kexdhc.o a - kexgexc.o a - kexecdhc.o a - kexc25519c.o a - kexdhs.o a - kexgexs.o a - kexecdhs.o a - kexc25519s.o a - platform-pledge.o a - platform-tracing.o a - platform-misc.o ranlib libssh.a gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv /usr/lib64/gcc/x86_64-suse-linux/8/../../../../x86_64-suse-linux/bin/ld: warning: -z retpolineplt ignored. /usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/sshtest/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/sshtest/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/sshtest/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/sshtest/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/sshtest/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/sshtest/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c auth-pam.c -o auth-pam.o auth-pam.c:179:1: error: static declaration of ?pthread_exit? follows non-static declaration pthread_exit(void *value) ^~~~~~~~~~~~ In file included from /usr/include/openssl/crypto.h:415, from /usr/include/openssl/bio.h:20, from /usr/include/openssl/objects.h:915, from buffer.h:50, from entropy.h:28, from includes.h:177, from auth-pam.c:50: /usr/include/pthread.h:243:13: note: previous declaration of ?pthread_exit? was here extern void pthread_exit (void *__retval) __attribute__ ((__noreturn__)); ^~~~~~~~~~~~ auth-pam.c:186:1: error: conflicting types for ?pthread_create? pthread_create(sp_pthread_t *thread, const void *attr, ^~~~~~~~~~~~~~ In file included from /usr/include/openssl/crypto.h:415, from /usr/include/openssl/bio.h:20, from /usr/include/openssl/objects.h:915, from buffer.h:50, from entropy.h:28, from includes.h:177, from auth-pam.c:50: /usr/include/pthread.h:234:12: note: previous declaration of ?pthread_create? was here extern int pthread_create (pthread_t *__restrict __newthread, ^~~~~~~~~~~~~~ auth-pam.c:212:1: error: conflicting types for ?pthread_cancel? pthread_cancel(sp_pthread_t thread) ^~~~~~~~~~~~~~ In file included from /usr/include/openssl/crypto.h:415, from /usr/include/openssl/bio.h:20, from /usr/include/openssl/objects.h:915, from buffer.h:50, from entropy.h:28, from includes.h:177, from auth-pam.c:50: /usr/include/pthread.h:514:12: note: previous declaration of ?pthread_cancel? was here extern int pthread_cancel (pthread_t __th); ^~~~~~~~~~~~~~ auth-pam.c:220:1: error: conflicting types for ?pthread_join? pthread_join(sp_pthread_t thread, void **value) ^~~~~~~~~~~~ In file included from /usr/include/openssl/crypto.h:415, from /usr/include/openssl/bio.h:20, from /usr/include/openssl/objects.h:915, from buffer.h:50, from entropy.h:28, from includes.h:177, from auth-pam.c:50: /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here extern int pthread_join (pthread_t __th, void **__thread_return); ^~~~~~~~~~~~ make: *** [Makefile:160: auth-pam.o] Error 1 checking cat /usr/include/openssl/crypto.h ... # if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) # if defined(_WIN32) # if defined(BASETYPES) || defined(_WINDEF_H) /* application has to include <windows.h> in order to use this */ typedef DWORD CRYPTO_THREAD_LOCAL; typedef DWORD CRYPTO_THREAD_ID; typedef LONG CRYPTO_ONCE; # define CRYPTO_ONCE_STATIC_INIT 0 # endif # else 415 # include <pthread.h> typedef pthread_once_t CRYPTO_ONCE; typedef pthread_key_t CRYPTO_THREAD_LOCAL; typedef pthread_t CRYPTO_THREAD_ID; # define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT # endif # endif ... pulled in ultimately by include in buffer.h ... int buffer_get_ret(Buffer *, void *, u_int); int buffer_consume_ret(Buffer *, u_int); int buffer_consume_end_ret(Buffer *, u_int); 50 #include <openssl/objects.h> #include <openssl/bn.h> void buffer_put_bignum2(Buffer *, const BIGNUM *); void buffer_get_bignum2(Buffer *, BIGNUM *); void buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int); ... given that --without-openssl *is* passed on config line, looks like those includes should possibley be wrapped in a with/without ssl conditional?
Jakub Jelen
2018-Jun-08 08:28 UTC
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On Fri, 2018-06-08 at 11:52 +1000, Darren Tucker wrote:> On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > > fyi > > > > add'l -- and looks unrelated -- issue > > /usr/include/pthread.h:251:12: note: previous declaration > > of ?pthread_join? was here > > extern int pthread_join (pthread_t __th, void > > **__thread_return); > > What included pthread.h? That's explicitly not supported by sshd: > > $ grep THREAD auth-pam.c > #ifdef USE_POSIX_THREADS > # error "USE_POSIX_THREADS replaced by > UNSUPPORTED_POSIX_THREADS_HACK" > * Formerly known as USE_POSIX_THREADS, using this is completely > unsupported > #ifdef UNSUPPORTED_POSIX_THREADS_HACKThe pthread.h was first included in the new OpenSSL 1.1.0, which uses pthread.h and which conflicts with your pthread definitions. This can be resolved by the first part of the OpenSSL 1.1.0 patch, which we carry ever since: https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-7.3p1- openssl-1.1.0.patch Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc.
PGNet Dev
2018-Jun-08 14:27 UTC
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 6/8/18 1:28 AM, Jakub Jelen wrote:> The pthread.h was first included in the new OpenSSL 1.1.0, which uses > pthread.h and which conflicts with your pthread definitions. > This can be resolved by the first part of the OpenSSL 1.1.0 patch, > which we carry ever since: > > https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-7.3p1- > openssl-1.1.0.patchFair enough for when openssh is built with openssl. The point in this case is that openssh is configured "--without-openssl", so there should be no need for, or reference to, openssl.